June 2, 2014

Physical Security for Hard-Copies and Mobile Devices

Originally Updated 07/16/2013 © 2013 ePlace Solutions, Inc.

By Jennifer Paradise

One of the main causes of security incidents is lost, misplaced or physically stolen sensitive information, whether in hard-copy or electronic form. This bulletin reviews practices for maintaining physical security of hard-copy information as well as electronic devices.

Protecting Hard-Copy Information

Hard-copy sensitive information presents several security issues. For example, paper can be easily lost or misplaced, and can be read or possibly even copied without the owner realizing this has happened.

Best Practices

  • Keep sensitive papers off your desk and locked in drawers when you are away 
  • Shield sensitive hard-copy information to avoid accidental exposure - e.g. while walking down a hallway, taking an elevator, or waiting in line 
  • When it is necessary to send or otherwise transport sensitive hard-copy information, ensure the documents are protected with adequate packaging; be sure to use the appropriate level of receipt verification 
  • As with electronic data, remove all unnecessary sensitive information, e.g. remove or mask account numbers on financial statements 
  • Remove sensitive information immediately from shared copiers, fax machines and printers. 
  • Don't forget to remove the original from copiers 
  • Fax machines that may receive sensitive information should be located inside locked rooms

Safeguarding Data on Mobile Devices

Physical security precautions are vital for mobile devices which can be easily misplaced, lost or stolen. Storing sensitive information on laptop PCs, smartphones, thumbdrives and other mobile devices is strongly discouraged.

If your organization's processes and procedures or your job responsibilities require you to store or transfer sensitive information via a mobile device, the information should be protected with the same level of security used in other IT systems in your organization AND should be encrypted.

Best Practices

  • Ensure the device's password protection is enabled 
  • Encrypt the information 
  • Never leave a mobile device unattended without first physically securing it, e.g. cable lock laptop PCs; it's better to keep devices with you at all times 
  • Refrain from advertising the presence of mobile devices; for example - use non-descriptive carry bags for laptops 
  • Closely monitor mobile devices during airport and other security inspections 
  • Never put a mobile device in checked luggage - always maintain physical control